ONE of the world’s most infamous, former computer hackers has revealed how easy it is to hack into a bank account, as Australia faces serious cyber threats.
In a special report on cyber crime, Four Corners spoke to Kevin Mitnick, who is now a cyber security adviser to top companies.
He showed reporter Linton Besser how easy it was to set up a fake Wi-Fi scam, letting him think he was signing into his National Australia Bank account via Telstra Air.
“But what he doesn’t know, he’s connecting to my fake access point. And what we’re gonna do is we’re gonna take over his computer,” he said.
Mitnick was then able to record all of his keystrokes, including his banking password.
“And then what I’m gonna be able to do is steal his passwords, and I’m gonna be able to inject fake updates, so once he installs them we gain full control of his computer system and he’ll never know the better.”
Mitnick’s simple hack is just one part of a much larger problem with the growth of cyber crime across Australia and overseas, which is one of the greatest challenges to law enforcement.
Four Corners also revealed that a small Australian satellite company had its computer systems so comprehensively hacked that experts described their network as the most corrupted they’d ever seen.
As well, hackers, likely Chinese, had targeted the Defence Science and Technology Organisation and the Bureau of Meteorology.
The real target of the Bureau of Meteorology hack was thought to be the Australian Geospatial-Intelligence Organisation which supports defence operations through provision of satellite and other imagery, it said.
The firm Newsat, which planned to launch two Australian satellites and build an Australian satellite industry, attracted the attention of foreign hackers, with the Australian Signals Directorate breaking the bad news to company executives.
“Our network was, as far as they could see, the most corrupted they’d seen. Period,” the company’s former chief financial officer Michael Hewins told Four Corners.
Former Newsat IT manager Daryl Peter said the intruders had been inside their network for maybe two years, which was like someone looking over their shoulder for everything they did.
“Newsat had been hacked and not just by teenagers in the basement or anything like that. Whoever was hacking us was very well-funded, very professional, very serious hackers.”
A year ago Newsat called in the liquidators and sold off its remaining assets.
Although China is alleged to be responsible for much hacking, Australian officials won’t point the finger.
“It’s not useful for us to talk about any particular nation states,” said Alastair MacGibbon, special adviser on cyber security to Prime Minister Malcolm Turnbull.
A recent cybercrime victim was the Australian Bureau of Statistics which came under attack on census night, prompting it to close down the Census.
Mr MacGibbon said that was a denial of service attack which was certainly not of the scale or sophistication that should have caused any significant problems. He said that attack was easily predictable and should have been prevented.
His comments come as former Australian government cyber security official Tim Wellsmore told the program it’s not just individuals whose secrets are vulnerable to others.
Governments and businesses in Australia are attacked, and there are parts of the internet where access to hacked computer servers is bought and sold.
Former CIA and NSA Director Michael Hayden said Australia, the US and other friendly similar nations around the world need to protect their data.
Four Corners stated it had also been told of significant cyber attacks against Austrade.
The program was also taken inside a secure facility at the Australian Defence Force Academy in Canberra, where viewers saw two rival teams compete in a training exercise to shut down each other’s power grid — which could be a real hacker’s target.
One of the cyber world’s experts, Washington-based Dmitri Alperovitch, also criticised Australia for not doing enough to warn local industry about online threats.
“The reality is that the Australian government is very well aware of these activities but they have not really come out and publicly acknowledged it, they have not done a good job, in my opinion, educating the public about this threat and as a result there’s a sense of complacency oftentimes among industry because they don’t appreciate that even in Australia you can be targeted,” he said.
“And China happens to be your biggest trading partner — there’s a lot of reasons why they would be hacking into your industry, to try to steal intellectual property, try to get an advantage in trade negotiations and it’s happening very often and, uh, very little is being done about it.”
Mr MacGibbon defended the government, saying they needed more time to develop ongoing conversations about cyber attacks with the Australian public.
“You have to give us some time as we work through what can be said, how it can be said to increase the level of engagement,” he said.
As for the allegations against China, the Chinese government through its embassy in Canberra told the ABC it has denied it was behind the cyber attacks in Australia, describing the allegations as “nothing but false cliches”.